Information Security Basic Policy
Fuji Xerox and its affiliates strive for strong information security and continue to work on this issue so as to be able to provide peace of mind to customers and other stakeholders.
- Purpose of Information Security
The purpose of information security is to protect information received from customers and suppliers, the Company's own technical information, and other sensitive information from the threats of leakage, alteration, and loss and to handle such sensitive information in a proper manner.
In particular, we apply stricter control and operational procedures when we handle confidential information and the personal information of customers to prevent leakage of these types information.
- Operation of Information Security
Under a system of corporate-wide control, we manage and operate information security in accordance with applicable laws and regulations and in-house Company rules.
Specifically, we implement security programs, inspections, and improvement efforts based on risk assessment results. We also provide employee education programs to raise and enhance the security awareness of employees.
- Control of Information Security
In the event of any security incident occurring, we will take the appropriate actions to minimize the impact of the incident and implement necessary measures to prevent the recurrence of a similar incident.
- Please see the Fuji Xerox Information Security Report for details.
Summary on Information Security
Fuji Xerox believes that an important element in the operation of our business is risk management; protection against external threats and internal vulnerabilities. Information security is considered a key part of risk management, and we have been implementing a variety of measures accordingly. We believe that the most critical risk in information security is the leakage of information, such as a leak of personal information or confidential information that has been entrusted to us by our customers. In order for our customers to feel safe in allowing us to maintain their information assets and for them to utilize our solution services, we will first establish an optimal information security structure within the company, and continuously implement the PDCA cycle to eliminate accidents and enhance the management of information security.
Concept of Information Security Governance
The approach of Fuji Xerox toward information security governance is based on the concept illustrated in the diagram below. We have been increasing the awareness of our employees on the policies and rules regarding information security, and have been ensuring that all incidents involving information security are properly reported. We have also been issuing the Information Security Report to inform our customers and partner companies of our activities and have them evaluate our efforts, thereby seeking to provide a higher level of information security governance.
Information Security Promotion System
The Risk Management Group of the General Affairs Department at Fuji Xerox headquarters is responsible for establishing a system to promote information security throughout the company, as part of its duties to oversee companywide risk management. This Group is seeking to promote information security throughout the company in an efficient manner by working together with the Information and Communications System Department, which is responsible for IT governance, and Fuji Xerox Information System Co., Ltd. (FXIS), which is responsible for the development and operation of IT infrastructure.
Fuji Xerox Initiatives in Fiscal 2014
We implemented the following measures in fiscal 2014 with a view to balancing the strengthening of information security governance and improving productivity.
- To strengthen the measures to block cyber attacks against multifunction copiers and other devices or against solutions and services provided to or used by customers, as well as against the Company's internal information systems, we established the Group Information Security Emergency Response System to prepare for and take proper emergency actions in the event that any vulnerability is found in our information security systems.
- To ensure that sensitive information provided to service contractors is properly handled, the processes used to manage contractors were reviewed and improved.
- To ensure that all employees have knowledge and are able to take appropriate actions against "targeted mail attacks," education sessions designed for all employees were provided.
Acquisition Status of Information Security Management System Certification
Fuji Xerox and its affiliates promote the acquisition of third-party certification for information security. The table below shows the acquisition status for Information Security Management System (ISMS) certification and the Privacy Mark as of March 31, 2015.
Acquisition Status of Information Security Management System (ISMS) Certification and the Privacy Mark
|Company/Department||Date of ISMS Acquisition||Date of Privacy Mark Acquisition|
|Fuji Xerox Co., Ltd. (corporate functions)||March 2015||–|
|Fuji Xerox Service Link Co., Ltd.||–||April 2014|
|Fuji Xerox Co., Ltd. (Fuji Xerox Global Services)||January 2004||–|
|Fuji Xerox Co., Ltd. Domestic Sales & Marketing and Domestic Sales Companies (Domestic Sales, All Customer Service Operations) Note 1||September 2005||–|
|Fuji Xerox System Service Co., Ltd. (Itabashi Office)||March 2004||March 2001|
|Fuji Xerox Information Systems Co., Ltd.||November 2005||–|
|Fuji Xerox Learning Institute Inc.||–||July 2005|
|11 independent prefectural distributors (12 offices)||2006~2007||–|
|Fuji Xerox of Shanghai Limited||March 2007||–|
|Fuji Xerox Korea Co., Ltd.||April 2007||–|
|Fuji Xerox of Shenzhen Ltd.||September 2007||–|
|Fuji Xerox Eco-Manufacturing (Suzhou) Co., Ltd.||June 2010||–|
|Fuji Xerox Singapore Pte Ltd.||April 2012||–|
|Fuji Xerox BusinessForce Pty. Limited Note 2||July 2013||–|
- Note 1 Including Fuji Xerox InterField Co., Ltd. and Fuji Xerox Service Creative Co., Ltd.
- Note 2 A wholly-owned subsidiary of the Fuji Xerox Document Management Solutions Pty. Limited (Australia) which became the subsidiary in October, 2012.
In fiscal 2015, we intend to continue implementing the following activities with the aim of both strengthening information security governance and increasing productivity.
- In Japan to properly respond to the introduction of Social Security and Tax Number System, a system to assign a unique ID number to each citizen, we will revise relevant internal regulations, adopt a suitable management system, provide necessary education, and conduct inspections to ensure legal compliance with the system.
- To strengthen resistance against cyber attacks, stronger measures to detect attacks will be introduced, in addition to the operation of the Information Security Emergency Response System.
- Measures to prevent internal fraud and human error will be introduced to prevent information from being leaked by employees or contractors.